AI GovernanceEuropean Union (extraterritorial)In force In force Aug 1, 2024 — obligations phase in through 2027

EU AI Act

European Union Artificial Intelligence Act

The world's first comprehensive AI law

Run EU AI Act assessment ← All frameworks

Overview

The EU AI Act (Regulation (EU) 2024/1689) regulates AI by risk tier: a few uses are prohibited outright, high-risk systems carry heavy obligations, limited-risk systems owe transparency, and general-purpose AI models have their own duties. It applies to providers and deployers placing AI on the EU market — or whose AI output is used in the EU — even if the company sits outside Europe.

Authority

European AI Office + national market-surveillance authorities

Jurisdiction

European Union (extraterritorial)

Effective date

In force Aug 1, 2024 — obligations phase in through 2027

Applicability

Who must comply with EU AI Act?

Any organization that develops, sells, or uses an AI system in the EU, or whose AI output reaches people in the EU — including Canadian and US companies. Obligations scale with the system's risk tier; high-risk and general-purpose AI carry the most.

Compliance scope

Your organization collects personal information

You operate in the applicable jurisdiction

Commercial activities are involved

You use or disclose personal data

Not sure if EU AI Act applies? Run a free assessment →

Requirements

Key obligations under EU AI Act

Risk classification

Determine each AI system's tier — prohibited (Art. 5), high-risk (Annex III), limited (Art. 50), minimal, or GPAI (Art. 53+). The tier drives everything else.

Risk management & data governance

High-risk systems need a continuous risk-management process (Art. 9) and training/validation data that is relevant, representative, and bias-checked (Art. 10).

Technical documentation

Maintain Annex IV technical documentation and automatic logs that demonstrate conformity and enable traceability (Art. 11–12).

Human oversight

Design high-risk systems so a person can understand, intervene in, and override their output (Art. 14).

Transparency

Tell people when they interact with an AI system and label AI-generated or manipulated content / deepfakes (Art. 50).

Conformity & registration

High-risk systems require a conformity assessment, an EU declaration of conformity, CE marking, and registration in the EU database (Art. 43–49).

Enforcement

Penalties & enforcement

Maximum penalty

€35M or 7% of global annual turnover

Enforced by: National market-surveillance authorities + European AI Office

Notable case

Up to €35M / 7% for prohibited practices; €15M / 3% for most other breaches; €7.5M / 1% for supplying incorrect information.

How Canuckt keeps you penalty-free:

Free EU AI Act Risk Checker that classifies each system's tier in two minutes

AI systems registry + obligations map that turns your tier into a concrete, trackable checklist

Annex IV technical documentation, model cards, and FRIA templates generated for you

Audit-ready evidence trail across your AI systems — bilingual, hosted in Canada

Frameworks that often overlap with EU AI Act

AI Governance

ISO 42001

The certifiable AI management system standard

AI Governance

NIST AI RMF

The voluntary US framework for trustworthy AI

AI Governance

AIDA

Canada's first federal AI regulation law

Run a free EU AI Act gap assessment

Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with EU AI Act — in under 3 hours. Free forever.

Start free assessment

No credit card

Results in hours

Canadian data residency